CVE-2025-13604 is a stored Cross-Site Scripting (XSS) vulnerability identified in the WordPress plugin 'Login Security, FireWall, Malware removal by CleanTalk' (versions up to and including 2.168). The vulnerability stems from improper neutralization of input during web page generation, specifically insufficient sanitization and escaping of the page URL parameter. This flaw allows unauthenticated attackers to inject arbitrary JavaScript code into pages served by the plugin. When a user accesses a page containing the injected script, the malicious code executes in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS v3.1 base score is 7.2, reflecting a high severity due to network attack vector, low attack complexity, no privileges required, no user interaction needed, and a scope change (impacting resources beyond the vulnerable component). The vulnerability affects all versions of the plugin up to 2.168, with no patch links currently available. Although no known exploits have been reported in the wild, the nature of stored XSS and the plugin's widespread use in WordPress installations make this a significant threat. The vulnerability is categorized under CWE-79, which covers improper neutralization of input leading to XSS attacks.

The impact of CVE-2025-13604 is significant for organizations using the vulnerable CleanTalk plugin on WordPress sites. Successful exploitation allows attackers to execute arbitrary scripts in users' browsers without authentication or user interaction, compromising confidentiality and integrity. Attackers can steal session cookies, credentials, or other sensitive data, potentially leading to account takeover or unauthorized actions within the affected website. This can result in data breaches, reputational damage, and loss of user trust. Additionally, attackers might leverage the XSS flaw as a pivot point for further attacks, such as delivering malware or conducting phishing campaigns. Since WordPress powers a large portion of websites globally, and this plugin is used for security and malware removal, the vulnerability undermines the trust in the site's security posture. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for remediation given the ease of exploitation and broad impact scope.

Organizations should immediately audit their WordPress installations to identify the presence of the 'Login Security, FireWall, Malware removal by CleanTalk' plugin and its version. Since no official patch links are currently available, administrators should consider the following mitigations: 1) Temporarily disable or uninstall the vulnerable plugin until a patched version is released. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious URL parameters containing script tags or typical XSS payloads targeting the plugin's pages. 3) Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers. 4) Review and sanitize all user-generated content and URL parameters at the application level if custom code is used alongside the plugin. 5) Monitor logs for unusual access patterns or injection attempts targeting the plugin. 6) Educate site administrators and users about the risks of XSS and encourage prompt reporting of suspicious behavior. Once a vendor patch is released, prioritize immediate update of the plugin to the fixed version. Additionally, maintain regular backups and incident response plans to mitigate potential damage from exploitation.